DETAILED ACTION
Response to Arguments 

1. Applicant's arguments with respect to claims 1-22 have been considered but
are moot in view of the new grounds of rejection. 

Claim Rejections - 35 USC § 112 

2. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

3. Claims 1 - 16 and 18 - 22 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claims contain subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventors, at the time the application 
was filed, had possession of the claimed invention. The amended claims recite that the 
client is authenticated when the certificate matches the revoked certificate data (claims
1, 9, 11, 18 and 22). The part of the specification ([0040] and [0050-0051]) that the
applicant cites as teaching this limitation specifically teaches that, if the certificate is on
the revoked certificate list, the user is denied access and therefore not authenticated.
Therefore the new limitations to the claims are new matter and lack enablement.

Claim Rejections - 35 USC § 102

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claim 17 is rejected under 35 U.S.C. 102(b) as being anticipated by Xu. 
Referring to claim 17, Xu teaches: 

a. A fetching server for identifying a list of addresses corresponding to a 
plurality of certificate issuers, said fetching server retrieving revoked certificate 
status data (page 4, paragraph 53). 

b. A central database responsive to the retrieved revoked certificate status 
data for storing a list of revoked certificates (page 1, paragraph 12).

c. The fetching server identifying an address from a user certificate data 
included in a client request, wherein it is determined that there is no match 
between the user certificate data and retrieved certificate status, said address
identifying the location of the revoked certificate data for a plurality of revoked 
certificates being maintained by at least one of the plurality of certificate issuers 
(page 5, paragraph 73) and storing the address in the central database for 
subsequent retrieval (page 4, paragraph 53, Figure 1). 

Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating
obviousness or nonobviousness. 

8. Claims 1 - 16 and 18 - 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Xu above, and further in view of Adusumilli US Publication 
2003/0097592 A1. Referring to claims 1 and 18, Xu teaches: 

d. Receiving a request from a user for access to the web including a user 
certificate, and comparing the user certificate data to the revoked certificate data 
stored in the central location (page 6, paragraph 96). 

e. Retrieving revoked certificate data from a plurality of certificate issuers, 
and storing the revoked certificate data in a central location (page 3, paragraph 
45). 

f. Providing the user access to the requested web services once the user is 
authenticated (page 1, paragraphs 2-3).

g. Identifying an address from the user certificate data, said address 
identifying the location of the revoked certificate data for a plurality of revoked 
certificates being maintained by at least one of the plurality of certificate issuers
(page 5, paragraph 73). 

h. Storing the address in the central location for subsequent retrieval (page 
4, paragraph 53, Figure 1). 

9. Xu does not explicitly disclose authenticating the user if the comparing indicates 
that the user certificate data matches the revoked certificate data or if it does not match 
the revoked certificate data, and providing access to the service. However, Adusumilli 
discloses: 

i. Allowing the user access even when the certificate matches the CRL 
(page 14 paragraph 192). 

j. Allowing the user access if the certificate is not on the CRL (page 14, 
paragraph 192). 

10. Xu and Adusumilli are analogous art because they are from the same field of
endeavor, certificate revocation. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Xu and Adusumilli before him 
or her, to modify the CRL consolidation of Xu to include the authentication of Adusumilli. 
The suggestion/motivation for doing so would have been to verify and authenticate a 
user (page 10, paragraph 137). 

11. Referring to claims 2 and 19, Xu teaches wherein the user certificate data
includes a unique identifier and authenticating the user includes determining whether
the unique identifier included with the request corresponds to the revocation list (page
4, paragraph 55).

12. Referring to claims 3 and 20, Xu teaches that the user certificate data includes
an expiration date (page 1, X509 Certificate Table, Validity Period) and wherein
determining whether the expiration date is prior to the current date or after the current
date (page 1, paragraph 5), and providing authenticated user access to the requested web
service when the expiration date is determined to be after the current date (page 6, 
paragraph 96). 

13. Referring to claims 4 and 21, Xu teaches identifying an address from the user
certificate data, said address identifying the location of the revoked certificate list, and 
retrieving the revoked certificate data from the location (page 5, paragraph 73). 

14. Referring to claim 5, Xu teaches wherein the identified address is a URL 
corresponding to a web service storing revoked certificate data (page 5, paragraph 73). 

15. Referring to claims 6 and 16, Xu teaches comparing user certificate data to
stored certificate data to identify a new list of addresses corresponding to a plurality of 
different revoked certificates (page 4, paragraph 62). 

16. Referring to claim 7, Xu teaches identifying the address includes identifying the 
location of a certificate revocation list (page 5, paragraph 73). 

17. Referring to claim 8, Xu teaches wherein retrieving includes retrieving revoked 
certificates previously stored in the central location (page 3, paragraph 41). 

18. Referring to claims 9 and 22, Xu teaches:

k. Retrieving the stored revoked certificate data from the central location, and
determining an update time for each of the one or more certificate issuers, said
update time specifying a time updated revoked certificate data is published (page
4, paragraph 53). 

l. Identifying an address of each of the one or more certificate issuers from
the retrieved revoked certificate data (page 4, paragraph 53).

m. Identifying another address from the user certificate data, said address
identifying the location of the revoked certificate data for a plurality of revoked 
certificates being maintained by at least one of the plurality of certificate issuers 
(page 5, paragraph 73). 

n. Storing the address in the central location for subsequent retrieval (page 
4, paragraph 53, Figure 1). 

o. Organizing the retrieved revoked certificate data in a sequence according 
to the determined update time (page 4, paragraph 58). 

p. Retrieving additional revoked certificate data from the identified addresses
according to update times (page 3, paragraph 40 and 47).

19. Xu does not explicitly disclose comparing the user certificate data included in the
request to the stored revoked certificate data, authenticating the user if the comparing
indicates that the user certificate data matches the revoked certificate data or if it does 
not match the revoked certificate data, and providing access to the service. However, 
Adusumilli discloses: 

q. Comparing the user certificate in the request to the CRL (page 14,
paragraph 192).

r. Allowing the user access even when the certificate matches the CRL
(page 14 paragraph 192). 

s. Allowing the user access if the certificate is not on the CRL (page 14, 
paragraph 192). 

20. Xu and Adusumilli are analogous art because they are from the same field of 
endeavor, certificate revocation. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Xu and Adusumilli before him 
or her, to modify the CRL consolidation of Xu to include the authentication of Adusumilli. 
The suggestion/motivation for doing so would have been to verify and authenticate a 
user (page 10, paragraph 137). 

21. Referring to claim 10, Xu teaches wherein determining the update times includes
parsing the retrieved revoked certificate data, and the identifying address of a certificate 
issuer includes parsing the revoked certificate to identify a URL (page 4, paragraph 53). 

22. Referring to claim 11, Xu teaches: 

t. A central database (page 1, paragraph 12).

u. A fetching server to retrieve the revoked certificate data from a plurality of
certificate authority servers (page 1, paragraph 12).

v. An authentication server with a certificate revocation provider loads
revoked certificate data to determine if the client request is authentic (page 6, 
paragraph 96). 

w. Identifying an address from the user certificate data, said address 
identifying the location of the revoked certificate data for a plurality of revoked 
certificates being maintained by at least one of the plurality of certificate issuers
(page 5, paragraph 73). 

x. Storing the address in the central database for subsequent retrieval (page 
4, paragraph 53, Figure 1). 

23. Xu does not explicitly disclose authenticating the user if the comparing indicates 
that the user certificate data matches the revoked certificate data or if it does not match 
the revoked certificate data. However, Adusumilli discloses: 

y. Allowing the user access even when the certificate matches the CRL 
(page 14 paragraph 192). 

z. Allowing the user access if the certificate is not on the CRL (page 14, 
paragraph 192). 

24. Xu and Adusumilli are analogous art because they are from the same field of 
endeavor, certificate revocation. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Xu and Adusumilli before him 
or her, to modify the CRL consolidation of Xu to include the authentication of Adusumilli. 
The suggestion/motivation for doing so would have been to verify and authenticate a 
user (page 10, paragraph 137). 

25. Referring to claim 12, Xu teaches examining an expiration date included in the
revoked certificate data to determine if the client is authorized to access the requested
service (page 6, paragraph 96). The certificate is determined to be revoked according to
the expiration date included in the certificate (page 1, paragraph 5 and table 2).

26. Referring to claim 13, Xu teaches further examining the next update time to
determine if the loaded revoked certificate data is the latest revoked certificate data 
(page 4, paragraph 53). 

27. Referring to claim 14, Xu teaches that the fetching server includes a default 
address identifying the location of a certificate authority server and the fetching server 
retrieves the CRL from the certificate authority having the default address (page 4, 
paragraph 53). 

28. Referring to claim 15, Xu teaches that the fetching server has a fetching table
maintaining revoked certification data for a plurality of revoked certificates, and wherein 
revoked certificate data maintained in the fetching table identifies an address of a 
certificate authority server maintaining a list of revoked certificates (page 3, Table 1 and
page 4, paragraph 53).

Conclusion 

29. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cordelia Kane whose telephone number is 571-272-7771.
The examiner can normally be reached on Monday - Thursday 8:00 - 5:00 EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Patent Examiner